10.1.3 his page will teach students about denial of service (DoS) attacks. DoS attacks are designed to deny services to legitimate hosts that try to establish connections. DoS attacks are commonly used by hackers to halt system responses. One type of DoS is known as SYN flooding. SYN flooding exploits the normal three-way handshake and causes targeted devices to acknowledge to source addresses that will not complete the handshake.
The three-way handshake begins when the initiating host sends a SYN packet. The SYN packet includes the source IP address and the destination IP address. This source and destination address information is used by the recipient to send the acknowledgment packet back to the initiating device.
In a DoS attack, the hacker initiates a SYN but spoofs the source IP address. Spoofing is a term used when the receiving device replies to a non-existent, unreachable IP address and then is placed in a wait state until it receives the final acknowledgment from the initiator. The waiting request is placed in a connection queue or a holding area in memory. This wait state requires the attacked device to use system resources, such as memory, until the connection timer times out. Hackers will flood the attacked host with false SYN requests to utilize all of its connection resources and prevent it from responding to legitimate connection requests.
To defend against these attacks, system administrators may decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
The next page will discuss the concept of windowing.
No comments:
Post a Comment